Archive for Privacy

All current outstanding requests for InWorldz OAR exports are complete.

In August of 2018, when the news came that InWorldz would shut down, I made a personal promise to the residents: I would do everything I could to ensure that any users who had any content rezzed in any region at shutdown time would be able to request, and be provided, a filtered OAR export archive of their content.

Now in July of 2019, after 11 months of near-continuous part-time efforts, I have completed the lengthy list of outstanding requests for OAR exports. Because the content was being taken off-grid, in order to respect the promises made to creators when they joined InWorldz, we needed to provide filtered OARs — only the content owned and created by a given user, or a “whitelist” of alts and collaborators providing their consent for export. This first required that a lot of specialized code be developed for the OAR loading process, and enhancements made to support not only the filtering aspects, but “drilling into” the Contents of rezzed objects, and the Contents of any objects nested within those objects.

It wasn’t just a matter of filtering objects with a subset of those in the region; when you’re looking 5 levels deep into the Contents of an object and 2 out of 5 of the Contents items are permitted for export, it means a new object must be created, and the other 3 Contents items must be replaced with placeholders — and then that new object must be substituted for the one referenced by (inserted back into) the object, which in many cases will trigger that object in the Contents list to be substituted as well, with another new object that has one or more Contents items replaced… all the way back up the parentage of objects to the one rezzed in the region. Also, most asset references needed to be checked and potentially scrubbed according to the whitelist of users. The code that scanned objects for asset IDs had no support for the newer InWorldz “Thoosa” asset storage, just the old OpenSim asset formats, and almost none of the code had support for Thoosa assets.

Just the coding itself was a tremendous amount of work, and if I had been aware of the effort required there is no way in hell I would have attempted it. I would have considered it far beyond that promise of “everything I could do” (reasonably). But I didn’t know that, dug in, and eventually completed the work anyway.

Then began the work of producing the actual filtered OAR export files for users.

Actually producing the OAR files was the easiest part. Trying to get information from users, such as a definitive lists of avatars to include, with authorizations from the email addresses that was used to register the accounts, and a list of specific region names, well that required a lot of user interaction. And interacting people slow down work tremendously. To date, it has required just under 900 email messages, often detailed and lengthy.

There was also the matter of user privacy. If “Joe User” collaborated with “Sally Avatar”, I couldn’t just provide the email addresses used to register those accounts to each of them and ask them to work it out. In many cases former project collaborators had no way to communicate, and I’d need to do that communication myself on behalf of the user requesting the OAR export, in order to protect those email addresses entrusted to InWorldz.

Even worse, I’d occasionally get an email with a confirmation of export authorization from what appeared to be the correct user, but not from the email address we had on file for that avatar account. So I could not accept such consent, and I could inform the user that it was the wrong email address, but for privacy reasons I could not provide the correct email even to that user.

Near the end I began sending a request for confirmation to the officially-registered email address in the hopes that it would reach the user and they could simply reply. But for those who moved on with email accounts, it was a battle between getting it done and privacy, and privacy was always paramount, especially since email addresses often revealed real-life identities behind the avatars.

If you would still like to receive an OAR export file:

I know some former InWorldz users are learning of all this process very late, so I’m still willing to provide OAR files for those who have missed out so far.

If you are still interested in a filtered OAR export of a former InWorldz region, please send a request to jim AT gridmail DOT org. The request should include:

the avatar name(s) of your account(s),

the avatar names of any creative collaborators who will confirm via email that I have their consent to include their content in an OAR export to you, and

the region name(s) of any regions where you had content rezzed when InWorldz was shut down in July.

Setting your OAR file expectations:

Please be aware that if you were not much of a creator of content, your OAR file will be heavily filtered. This means a lot of plywood boxes for things you purchased from other creators for use in InWorldz. That said, if there are third-party objects where you have your own content, for example a texture-changing photo frame where you added your own snapshots, the photo frame may be replaced by a box, but your snapshots would survive in the Contents of that box.

Also, an OAR export file is not really meant for end users. Second life has no knowledge of them, nor do any viewers (including Firestorm). OAR files are intended to be provided to grid owners for loading into an existing (empty) region on that grid. The only real exception to that, which isn’t really an exception, is if you are running your own Halcyon or OpenSim server (including Sim-on-a-Stick), you can do it yourself with the “load oar filename.oar” command. But there are many subtleties, including content Owner and Creator substitution that are best left to a knowledgeable grid owner. Also note: as far as I am aware, only TagGrid has a specialized process for attempting to preserve Creator info, other than the OAR owner, when loading an OAR file.

First, it references another Slate article by David Auerbach that … actually doesn’t suggest anything with identities or verification at all. Oremus suggests the Twitter problem could be solved one of two ways: the Auerbach way (which is a dramatic change, but a practical one focusing on the actual real problem), or the Oremus way (which naively equates anonymity with trolling, sticks its head in the sand, and ignores the root problems).

Auerbach points out (I believe quite validly) that part of Twitter’s problem is the need to try to show simple growth to shareholders, since going public with the company a few years ago. And this actually varies greatly from the goal of providing the best service, and a service of value to the user.

It has been argued that revenue for social sites comes from knowing who the user is. In “real life” (RL). I disagree. Money comes from providing the identity service, not for a specific identity, not from knowing real-life information. It comes from seeing that user Aardvark Alphabet was shopping on Amazon for cordless drills or whatever, then when Aardvark Alphabet later does a search for building supplies, or some other social activity such as posting a picture of something Aardvark has built, it can pull out ads for companies selling cordless drills and insert them into his search results or any other ads Aardvark is being presented with.

It doesn’t matter who he is, or who he has authenticated as, on other sites. The idea is to be the one to provide that service that allowed him to log in as Aardvark Alphabet in the first place, or any identity. But just to be his identity provider… i.e. to also be his intelligent, targeted ad provider. And that is just for the ad revenue part of this.

But more importantly, there are many many reasons for using an alternative online persona, and any policy that doesn’t recognize that is alienating a percentage of its users. Here’s the EFF summary explaining it: https://www.eff.org/issues/anonymity If you think online pseudonyms are a bad thing, read that first, it’s not long.

This paragraph in particular is almost frightening in its self-contradition:

“From Twitter’s perspective, my plan would probably run afoul of its noble, if arguably misguided, hard-line commitment to anonymity and freewheeling speech—all without fully solving the abuse problem. It’s true that there’s great public value in a platform that allows almost anyone to be heard, even if others would like them silenced. Twitter’s importance to political dissidents, for example, is underscored every time an autocratic regime tries to censor it or shut it down.”

I’m flabbergasted at that first sentence. I’ll take a closer look at it below. Andrea (Twitter user ‏@puellavulnerata, who is a core developer for the Tor anonymity software) wrote:

“Please do explain, @WillOremus, what constitutes a ‘legitimate’ reason for pseudonymity and why you failed to notice that it isn’t pseudonymity anymore if you have to leak identifying details to prove you have one.”

If the content is not self-governed in some way by the users of the service, then Twitter has failed in its primary mission. There cannot be any kind of central authority choosing sides. As Andrea put it:

“Twitter has misconceptualized the problem as ‘good people’ vs. ‘trolls’ when it’s more like intercommunity conflict and so they’ve built tools which embed assumptions that everyone wants the same stuff filtered far more than is actually true. I don’t care about investor perception, I care about having a place to conduct my online social life that won’t get destroyed out from under me by some idiot fixation on legal identities and universalized norms of conduct. Hence, in the long run, we must kill centralized platforms like Twitter and build a replacement not dependent on investor whims.”

Whether we need to a replacement for Twitter or not, I’m not sure at this point. I do know that any real-name policy will kill Twitter. It runs contrary to its very fiber and I agree with Oremus above stating his own plan would effectively be a horrible idea: “From Twitter’s perspective, my plan would probably run afoul of its noble, if arguably misguided, hard-line commitment to anonymity and freewheeling speech—all without fully solving the abuse problem.”

To paraphase that: “My plan would ruin the very reason for Twitter’s existence, and wouldn’t actually solve the problem.” Ohhhh-kay. The cost-benefit trade-off is off the scale. So if they do that for the investors, good luck with that share price a year or two later.

I do agree with Oremus’ final two paragraphs. Twitter is different than Facebook and Google+, and needs to stay that way:

“Unfortunately, Twitter is not a public-benefit corporation. Since it decided to go public in 2013—a mistake, I believe, in retrospect—the company must answer to its shareholders, and they’ve made their top priority clear: growth. And not slow, steady growth, but rapid growth on a massive scale. They want Twitter to be more like Facebook.

“I’ve argued for years that Twitter is fundamentally different from Facebook, and we should all root for it to stay that way. Yet, for all its shortcomings as a venue for discussion, Facebook’s platform is far less conducive than Twitter’s to public abuse from unaccountable trolls. At this juncture, Twitter simply has to find a way to become a little less hostile. If it can do that, at the very least the company will become palatable to corporate suitors while better serving the majority of its users. At the same time, its data will become more valuable to advertisers. And beyond that, who knows: It might even start growing again.”

So why would a company want to be the identity service for a smaller portion of the population? Why can’t they learn from these same mistakes made by Google (e.g. Google+ and YouTube both) and others, and just let users choose how much personal information to reveal? Because they (blindly and falsely) think anonymity means trolls. So they go ahead and exclude a percentage of the world population that needs that social connectivity the most. And in addition to being a social crime against a subset of the population, it’s also not in their shareholders’ best interests. #fail

The good news is that this is just a proposal from someone writing for Slate. It’s not a good one, and it’s not a proposal from Twitter, so there’s no reason to believe Twitter would pay any attention to it. Let’s hope they stay the course on anonymity and the use of online pseudonym.

Comments Off on Slate posts a very bad proposal for Twitter users and shareholders both.

The article begins by saying “Proponents of pseudonymity scored a major victory today, when Google executive Vic Gundotra revealed at the Web 2.0 Summit that social networking service Google+ will begin supporting pseudonyms and other types of identity.”

However, it’s unclear what changes Gundotra’s comments referred to, and I believe the EFF is either jumping to conclusions, or intentionally trying to apply pressure to Google by pigeonholing the decision makers there into providing something that the EFF would consider a victory.

In contrast to the aggressive and crystal-clear headline, the EFF report ends with an almost complete flipflop — a much more watered down “hopeful” comment: “Though it is not yet clear what those features will look like, we are cautiously optimistic that Google+ will do the right thing to ensure that all of its users feel free to express themselves on the site.”

Mashable’s Reports

Furthermore, the EFF report is based on an article on Mashable, with a much calmer and accurate title “Google+ to Support Pseudonyms”.

Like the EFF article, it also ends with a cautionary note: “Gundotra didn’t go further into how Google+ will support pseudonyms.”

The question regarding pseudonyms was: “Eric (Schmidt, CEO), in the press, defended that as ‘We are an identity company, and therefore we want to have the right identity.’ Will you reconsider that?”

Gundotra replied: “We plan to support pseudonyms… in the future… we’re working on it. So it’s coming.” “It was largely an issue of development priorities. It’s complicated… to get this right.” “It doesn’t mean that we’re not going to support… uh uh… other forms of identity… it’s coming… it’s just that this is the way we wanted to roll out the service; this is the atmosphere we wanted to set” … “we’ll add these features.”

I Call BS

I call BS on the EFF article. First, this is old news. Gundotra is just reiterating what he said months ago.

Months ago, during the closed beta, when I had a Google+ account, I begged for them to add support for a separate per-circle identity — a kind of per-circle display name — so that Google could know my wallet name, but other users in different circles would know me by my online name, or possibly different online names. Then just as I was deleting my Google+ account, Gundotra claimed that Google would be adding support for this, but it was a significant development undertaking and it would take time. The impression I got from his comments was that it would take 6-12 months, and that in the meantime, the policy stands: Google+ identities would be required to be wallet names. Even once this work was complete, the Google account itself would represent a wallet name person, not an online identity. To understand why, again see that Mashable article.

But such a promise is not enough for me. After further thought, I decided that I used an online identity for a reason, and I did not want anyone, certainly not Google, especially not through my own direct application to them, to be able to connect my online identity with my offline (wallet) name.

When Google+ allows me to create a pseudonym-based Google profile, and use that as my Google+ account, then I will claim victory in the Nymwars. However, that would be a much smaller technical change than what Gundotra claims was required here. Until I see that, my belief is that they are doing what I originally suggested; they are adding support for one or more “pseudonyms to be supported” under an account based on a wallet name (only).

The Place For Optimism

From my perspective, the most positive comment was not the one regarding pseudonyms, but rather the question near the end, when a man from the audience asked about allowing Google Apps user accounts to have access to Google+. Gundotra claimed that the only reason this was not available was due to the “large body of technical work to enable Google+ to work with Google Apps”. In the long run, if Google wants to see continued growth of Google+, they will need to pull in the millions of existing accounts in use by other Google services. To limit Google+ use to new Google+ specific accounts is to sign the Google+ death warrant. So this begs the question: will they just do the technical work to let those millions of accounts in, with pseudonyms? Or will they also update the usage policies on those accounts to force a similar real-name policy? My personal bet is that they will eventually open Google+ to all Google accounts, including pseudonyms. Otherwise, we will all watch Google+ die a slow horrible death.

Other Notable Moments

There were some interesting quotes in that video interview, as well as some funny awkward moments. Here are some quotes from Vic Gundotra:

Questioned about Facebook and the challenge: “The incumbent has a huge advantage. And if you play the same game, that’s a hard game to win.”

Regarding a misguided interpretation of online identity: “It turns out that your friends, your mother, your cousin, they’re already on Google. They use it all the time. We’ve never given them a reason to express their identity and their relationships. And we’re going to do that.” Apparently he believes that your cousin isn’t using an online identity, but a wallet ID. And yet: “We do not believe in oversharing. We have a different philosophy.”

There were some funny moments too:

“I’ve been with Google for approaching five years.” Q: “Where were you before that?” A: “I used to work… with Steve… at Microsoft.” (laughter) “Wow. That was hard to get out.” (laughter) “Um…” (more laughter)

My favorite line however was this one: “There is a reason why every thought in your head does not come out of your mouth.” (laughter)

In a move that could send shockwaves globally, the following statement was released to the press earlier today.

Social and Morality (S&M) Rating Downgraded

FOR IMMEDIATE RELEASE

TORONTO (August 8, 2011 3:00PM) Jim Tarber today announces that he is reluctantly downgrading his future expectations for Google, and in particular the outlook for their Google Plus (Google+) product. Siting concerns over the increasing moral deficit and growing recognition of this deficit by Google social users, industry pundits and the mainstream press, Tarber takes this action in the hopes of it being seen as a wake-up call to the decision makers at the Google megacorp.

Specifically, this downgrade reflects our opinion that the user naming policies Google decision makers have enacted recently falls short of what, in our view, would be necessary to stabilize the product’s short-, medium- and long-term social dynamics.

More broadly, the downgrade reflects our view that the effectiveness, stability, and predictability of Google policy making and corporate institutions have weakened at a time of ongoing identity and privacy challenges to a degree more than we envisioned when we assigned a negative outlook to the rating on July 21st, 2011.

Since then, our view has changed to recognize the difficulties in bridging the gulf between the parties over naming policy, which makes us pessimistic about the capacity of the policy makers to be able to leverage their recent clarification this week into a broader naming consolidation plan that stabilizes the Google+ service dynamics any time soon.

The outlook on the long-term Social and Morality rating is negative. We could lower the long-term rating to “evil empire” within the next two years if we see that reduction in privacy continues, or new data harvesting pressures during the period result in future privacy hostility or a corresponding greater moral deficit trajectory than we currently assume in our base case.